On Sat, Aug 05, 2006 at 03:40:58AM -0000, John Levine allegedly wrote:
I can't gather requirements if I can't make any sense of what you're saying.
That's a reasonable concern.
The fog around SSP is so opaque that I'm really wondering if it
wouldn't make more sense to punt and wait for people to do enough
experiments to understand what turns out to be useful.
That's a reasonable proposition. It's certainly the case that we're
dealing with parties who want to make bi-lateral "I sign all"
arrangements with us, but it's early days so measuring the value an
generality of that is some way off.
Their thinking is that they don't need Internet-wide support (or
perhaps they don't want to wait for it), all they need is enough
support to make the attackers move onto an easier target. Yes,
self-preservation is not pretty, but it's common.
As far as I recall, we have never been propositioned for any
bi-lateral that is less rigid than "I sign all" for a given
domain. From this list it's clear that senders must be clammering for
more subtle policies, but those senders aren't talking to us so I'm
not competent in those discussions.
Mark.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html